Re: [logs] Seeking suggestions for a syslog tutorial

From: Brian Ford (brfordat_private)
Date: Mon Jul 14 2003 - 14:07:57 PDT


    Rainer,
    
    Strangely enough I have found many Admins who I'd consider intermediate who 
    know very little of Syslog.  Keep in mind my perspective is that of a 
    network or network security guy.  Questions I frequently answer:
    
    What is Syslog?
    Where is it defined (Docs, RFCs)?
    What are levels?
    What are facilities?
    What are timestamps?
    What is / are the transport mechanisms?
    What does a Syslog message look like?
    What are some common / interesting Syslog messages?
    How does Syslog from multiple sources stay in order (time sync - NTP)?
    How do I manage all the Syslog data (reduction)?
    How do I store (archive) Syslog data?
    How do people use Syslog (analysis 101)?
    Some examples of simple Syslog reports.
    
    I don't try and guess how many messages will be generated when X happens 
    (frequently asked question!) but I do try and show how a device 
    configuration can influence the number of messages in the log.  For example 
    with the PIX Firewall if you use fail over you get more messages than stand 
    alone.  If you use LAN fail over you get more messages than serial fail 
    over.  If you use stateful fail over (with LAN fail over) you get even more 
    messages.  I run through what some of those messages are and why they are 
    important (or not).
    
    We've also developed some Syslog capabilities in some of our products (ACL 
    specific "log" capabilities, message suppression, and the ability to 
    manipulate message levels).  That's very product specific but it can be 
    interesting (at least to those of us that look at too much log data).
    
    I hope this helps.
    
    Liberty for All,
    
    Brian
    
    
    At 10:50 AM 7/9/2003 +0200, Rainer Gerhards wrote:
    >Hi all,
    >
    >We are currently preparing to do a syslog tutorial for the beginner to
    >intermediate sysadmin. I would appreciate any suggestions on what should go
    >into such a tutorial. We intend to deliver both "papers" as well as
    >streaming media. The tutorial will be free.
    >
    >Thanks,
    >Rainer
    >_______________________________________________
    >LogAnalysis mailing list
    >LogAnalysisat_private
    >http://lists.shmoo.com/mailman/listinfo/loganalysis
    
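An added example, not part of Brian's or Rainer's messages, that walks through the items in the question list above (what a message looks like, what levels and facilities are, how the PRI encodes them): it parses a BSD-style syslog line per RFC 3164, splits PRI into facility and severity, and handles the case of a missing or out-of-range PRI. The sample lines are constructed (the first is the RFC 3164 example); hostnames, tags and PIDs are illustrative.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Names for the facility/severity codes in RFC 3164 section 4.1.1 (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp "
              "audit alert cron2 local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI> is optional here because lines that arrive without it (or with a bad one) must still
# be stored; RFC 3164 section 4.3.3 says a relay should treat such a message as <13> (user.notice).
LINE_RE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?"
                     r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) (?P<msg>.*)$")
TAG_RE = re.compile(r"^(?P<tag>[A-Za-z0-9_./-]{1,32})(?:\[(?P<pid>\d+)\])?:\s?(?P<content>.*)$")


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    timestamp: str
    host: str
    tag: Optional[str]
    pid: Optional[int]
    content: str
    pri_defaulted: bool  # True when PRI was absent or invalid and <13> was assumed


def parse_bsd_syslog(line: str) -> Optional[SyslogMessage]:
    """Parse one BSD-style syslog line; returns None if even the header is unrecognisable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri_raw = m.group("pri")
    pri, defaulted = (int(pri_raw), False) if pri_raw is not None else (13, True)
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI; anything above is malformed
        pri, defaulted = 13, True
    facility, severity = FACILITIES[pri // 8], SEVERITIES[pri % 8]
    tag = pid = None
    content = m.group("msg")
    t = TAG_RE.match(content)  # TAG is the program name, optionally followed by [pid]
    if t:
        tag, content = t.group("tag"), t.group("content")
        pid = int(t.group("pid")) if t.group("pid") else None
    return SyslogMessage(facility, severity, m.group("ts"), m.group("host"), tag, pid, content, defaulted)


if __name__ == "__main__":
    # Constructed samples: the RFC 3164 example, then a line relayed without a PRI field.
    for sample in ("<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
                   "Jul 14 14:07:57 fw01 sshd[2231]: constructed example without a PRI field"):
        print(parse_bsd_syslog(sample))
```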
    



    This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 15:37:55 PDT